In this meeting, the State Changers discuss security concerns and best practices for web application development. Ken raises a question about the difficulty of understanding the flow structure of some applications and asks whether there is a best practice for obscuring code to prevent others from deciphering it. The State Changers explain that while distributed code should be treated as insecure, measures like minification and obfuscation can make it inconvenient for others to decompile or understand the code. However, they emphasize prioritizing user experience and responsiveness to issues over excessive code scrambling, and they note that regulated industries call for additional security considerations.

Anthony asks about preventing attacks after someone gains access to a user's machine. The State Changers explain the use of cryptographic tokens and a secure login mechanism to control access and reduce the probability of fake access. They also highlight OWASP's security concerns for web applications and recommend measures like OAuth, strong passwords, and multi-factor authentication. Additionally, they mention the use of short-lived access tokens that need to be refreshed periodically.
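As an added illustration of the short-lived access tokens mentioned in the discussion, the following is a constructed example (not code from State Change or from the office hours) of HMAC-signed access tokens that expire after a few minutes and a longer-lived refresh token used only to mint new ones. The token format, the function names, the secret and the TTL values are all assumptions made for this illustration.

```python
"""Short-lived HMAC-signed access tokens plus a longer-lived refresh token.

Constructed example: the format base64url(payload).base64url(mac), the helper
names and the TTL values are assumptions, not any particular library's API.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumption: a server-side secret. In production, load it from a secret store
# and rotate it; never ship it to the client.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"

ACCESS_TTL = 300          # seconds: access tokens expire quickly
REFRESH_TTL = 7 * 86400   # seconds: refresh tokens live longer but only mint new access tokens


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mint(claims: dict) -> str:
    """Serialize claims and append an HMAC-SHA256 over the encoded body."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(SERVER_SECRET, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(mac)}"


def issue_tokens(user_id: str, now: Optional[float] = None) -> dict:
    """Issue an access/refresh pair after a successful login (OAuth-style split)."""
    now = time.time() if now is None else now
    return {
        "access": _mint({"sub": user_id, "typ": "access", "exp": now + ACCESS_TTL}),
        "refresh": _mint({"sub": user_id, "typ": "refresh", "exp": now + REFRESH_TTL}),
    }


def verify(token: str, expected_typ: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the MAC is valid, the type matches and the token has
    not expired; otherwise None. The payload is only parsed after the MAC check."""
    now = time.time() if now is None else now
    try:
        body, mac_b64 = token.split(".")
        expected = hmac.new(SERVER_SECRET, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(mac_b64)):
            return None
        claims = json.loads(_unb64(body))
    except ValueError:  # bad split, bad base64, bad UTF-8 or bad JSON
        return None
    if claims.get("typ") != expected_typ or claims.get("exp", 0) <= now:
        return None
    return claims


def refresh_access(refresh_token: str, now: Optional[float] = None) -> Optional[str]:
    """Exchange a valid refresh token for a fresh short-lived access token."""
    now = time.time() if now is None else now
    claims = verify(refresh_token, "refresh", now)
    if claims is None:
        return None
    return _mint({"sub": claims["sub"], "typ": "access", "exp": now + ACCESS_TTL})


if __name__ == "__main__":
    pair = issue_tokens("alice")
    print("access claims:", verify(pair["access"], "access"))
    print("refreshed:", refresh_access(pair["refresh"]) is not None)
```

The design point is that a stolen access token is only useful until `exp`, and the `typ` claim stops a refresh token from being replayed as an access token or vice versa; the MAC check runs before the payload is trusted, so a tampered body or a swapped signature is rejected.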
(Source: Office Hours 1/20)